Page protection ordering for lockless write tracking

ABSTRACT

A method and system for tracking write access in a memory. The memory is partitioned into pages and each page is pointed to by a pointer. Upon receiving a request from a requester, a computer system stores a copy of a file that contains pointers to modified pages in the memory. The computer system then clears the file, and protects the pages in the memory from write access after clearing of the file. The stored copy of the file is sent to the requester.

TECHNICAL FIELD

Embodiments of the present invention relate to a computer system, and more specifically, to memory management in a computer system.

BACKGROUND

A computer system often needs to keep track of the pages in a memory that are modified during operation. The memory may be allocated to a guest in a virtual machine system or a user space process. At some point of the operation, another process (a requester) may wish to know which of the pages have been modified. The requester may need to copy the modified pages to another location; for example, to a new location to which the guest allocated with the memory is migrating. To track the modified pages, the computer system keeps a log file to record pointers to the pages that have been modified. Upon request, the log file is passed to the requester.

To ensure write accesses to the pages are accurately tracked, a conventional computer system typically locks the memory upon receipt of the request for the log file. The lock prevents memory pages from being made writable by any guest or process, blocking the guest or process if it requests this access. In particular, if a memory page is write-protected for write-tracking purposes, locking suspends guest/process write access to this memory and, therefore, degrades system performance. However, without using a lock, the computer system may fail to capture a write access during the time the system is prepared for a new round of write tracking.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, and can be more fully understood with reference to the following detailed description when considered in connection with the figures in which:

FIG. 1 is a block diagram of a computer system in which embodiments of the present invention may operate.

FIG. 2 is a block diagram of another computer system in which embodiments of the present invention may operate.

FIG. 3 illustrates an example of a memory manager that tracks write access to a memory.

FIG. 4 is a flow diagram of one embodiment of a method for tracking memory access.

FIG. 5 illustrates a diagrammatic representation of a machine in the exemplary form of a computer system.

DETAILED DESCRIPTION

Described herein is a method and system for tracking write access in a memory In one embodiment, the memory is partitioned into pages and each page is pointed to by a pointer. Upon receiving a request from a requester, a computer system stores a copy of a file that contains pointers to modified pages in the memory. The computer system then clears the file, and protects the pages in the memory from write access after clearing of the file. The stored copy of the file is sent to the requester.

According to embodiments of the present invention, the memory is not locked between the “clear” operation and the “write-protect” operation. Thus, an advantage of the embodiments described herein is to allow a sequence of operations to take place for tracking write access, without any locks between the individual operations. Locking protects a memory pages from being made writable (in some implementations, prevents all access to page tables) by a hypervisor, guest, operating system, and user-space process. Thus, locking degrades the system performance. Nevertheless, depending on the CPU architecture used, one or more of the operations described herein (or parts thereof) may internally use a lock for correctness. However, the internal lock is used within an individual operation and is released upon completion of the individual operation.

Throughout the following description, the term “guest” refers to the software that runs or can run on the hypervisor. A guest may be installed on a disk, loaded into memory, or currently running. A guest may include one or more of the following: a firmware copy in memory, an operating system, additional installed software, a browser, applications running on the browser, etc. The term “virtual machine (VM)” refers to part of a hypervisor and the host system running the hypervisor that are visible to the guest. A virtual machine may include one or more of the following: memory, virtual CPU, virtual devices (e.g., emulated NIC or disk), physical devices over which a guest is given partial or full control, firmware such as Basic Input/Output System (BIOS), Extensible Firmware Interface (EFI) and Advanced Configuration and Power Interface (ACPI) which is provided to the guest, etc.

In the following description, numerous details are set forth. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form, rather than in detail, in order to avoid obscuring the present invention.

FIG. 1 is a block diagram that illustrates an embodiment of a computer system 100 in which embodiments of the present invention may operate. The computer system 100 is a virtual machine system that hosts one or more guests (e.g., guest 140). Each guest runs a guest operating system to manage its resources. The guests may run the same or different guest operating systems. Examples of the guest operating system include Microsoft Windows®, Linux®, Solaris®, Mac® OS, etc. The computer system 100 may be a server, a workstation, a personal computer (PC), a mobile phone, a palm-sized computing device, a personal digital assistant (PDA), etc.

In one embodiment, the computer system 100 runs a hypervisor 125 to virtualize access to the underlying host hardware for the guests, making the use of the host hardware transparent to the guests and the users of the computer system 100. The hypervisor 125 may also be known as a virtual machine monitor (VMM) or a kernel-based hypervisor. In some embodiments, the hypervisor 125 may be part of a host OS 120.

In one embodiment, the computer system 100 is accessible by remote systems via a network 160. The network 160 may be a private network (e.g., a local area network (LAN), a wide area network (WAN), intranet, etc.) or a public network (e.g., the Internet). The computer system 100 also includes hardware components such as one or more physical central processing units (CPUs) 170,memory 190 and other hardware components.

According to one embodiment of the present invention, the hypervisor 125 includes a memory manager 128 to track the write access to a memory space allocated to the guest 140. The memory space is partitioned into a number of pages (e.g., 4K-byte blocks). Each page is designated as writable or write-protected. When a page is write-protected, a request to write into the page triggers a fault. In response, the memory manager 128 records the page as modified, and removes the write protection of the page to allow the requested write access. Modification to the page is recorded only when the page is write-protected (that is, it is not recorded when the page becomes writable). The page will remain writable until the memory manager 128 write-protects it again in response to a request for a list of modified pages.

In one embodiment, the memory manager 128 initially marks all of the pages in a given memory space as write-protected. The memory manager 128 keeps a log file recording pointers to the pages that have been modified. In some scenarios, a requester (e.g., part of a hypervisor module or OS module that manages migration) may request to access the log file. For example, the log file may be needed when the guest 140 allocated with the memory space is migrating to another location (e.g., another computer system or another hypervisor in the same computer system). Instead of copying all of the pages in the allocated memory space to the new location, the computer system 100 copies only the pages that have been modified. In one embodiment, the memory manager 128 tracks the write access continuously: when the log file is requested by the requester, the memory manager 128 can store a copy of the log file, reset (i.e., clear the contents of) the log file, write-protect the pages that have become writable, and send the stored copy to the requester. The memory manager 128 then starts a new round of write tracking.

It will be apparent, to one skilled in the art, that the log file described herein can be implemented in a variety of ways. For example, the computer system 100 may use an in-memory array utilizing a bit set for a modified page and clear for an unmodified page, another in-memory data structure, a file on disk, etc.

Embodiments of the present invention allow efficient write tracking. It is not necessary to lock the memory when a request for the log file is received. In response to the request for the log file, the memory manager 128 clears the log file and then protects the pages from write access. Even if the guest 140 writes into the memory between the “clear” operation and the “write-protect” operation, this write access can still be correctly recorded in a log file.

FIG. 2 is a block diagram that illustrates an alternative embodiment of a computer system 200 in which embodiments of the present invention may operate. In this embodiment, the computer system 200 is a non-virtualized system; that is, the computer system 200 does not host any virtual machines or guests. Instead of hosting guests, the computer system 200 runs a number of user space processes 240 that are managed by the host OS 220. The host OS 220 includes the memory manager 128, which tracks the write access of the processes 240 using the same mechanism as described above in connection with FIG. 1.

In the following description, it is understood that the operations involving a guest in a virtual machine system can be equally applicable to the operations involving a user space process in a non-virtualized system.

FIG. 3 illustrates an example of an interaction between the memory manager 128 and the guest 140 (which would be the user space process 240 in a non-virtualized system). The guest 140 is allocated with a memory, which is partitioned into pages. The memory manager 128 maintains a page table 350, which records pointers 360 to the pages and write protection status 370 of the pages. The memory manager 128 also maintains a log file 310, which records the pointers to the pages that have been modified since the last time the log file 310 was reported to a requester. In one embodiment, all of the pages in the pages table 350 are initially marked as write protected in the write protection status 370. When the guest 140 issues a request to write a page, the memory manager 128 records the pointer to the requested page in the log file 310 and changes the write protection status 370 of the requested page to writable. The guest 140 then obtains write access to the requested page. The guest 140 continues to issue multiple write requests to write multiple pages. At some point in time, a requesting module 330 (e.g., part of a migration-managing hypervisor module or OS module) issues a request for the log file 310. In response, the memory manager 128 stores a copy of the log file 310 in a memory location 320, clears the log file 310, write-protects the pages in the page table 350, and then sends the copy of the log file 310 (in the memory location 320) to the requester module 330.

In one embodiment, after the requester module 330 reads the copy in the memory location 320, the requester module 330 may release or discard the memory location 320. The memory manager 128 then requests the allocation of a new memory location 320 next time it needs to save a copy of the log file 310 for sending it to a requester module 330. In an alternative embodiment, the memory manager 128 may clear the log file 310 by swapping the pointer to a log file A with the pointer to a clean log file B. Log file A is the log file that contains the pointers to the modified pages and log file B is a clean file. By swapping the pointer to log file A with the pointer to log file B, the memory manager 128 makes log file A available to the requester module 330 and obtains a clean log file (i.e., log file B) to start anew round of write tracking. In one embodiment, after the requester module 330 finishes reading log file A, the requester module 330 or a background process clears log file A. Thus, after the new round of write access is recorded in log file B, the memory manager 128 can swap the pointers to log file A and log file B again to obtain a clean log file for another round of write tracking.

In one embodiment, the memory manager 128 write-protects the pages in the page table 350 by updating the write protection status 370 in the page table 350, such that all of the pages in the page table 350 are write protected. The write-protect operation may be repeated for each page when necessary. The operation sequence (that is, the clear operation followed by the write-protect operation) ensures that the log file 310 tracks all instances of write access to the pages.

According to embodiments of the present invention, if the guest 140 writes to a page (P1) after the clear operation and before the write-protect operation, the pointer to P1 will be recorded either in the log file 310 (if P1 is writable before the write occurs) or in the stored copy of the log file 310 (if P1 is write-protected when the write occurs). In an embodiment where the requester module 330 is to make a copy of the modified pages, the copying may take place after all of the pages are write protected, such that the copy will contain updates to P1 (if any) made between the clear operation and the write-protect operation.

FIG. 4 is a flow diagram illustrating one embodiment of a method 400 for tracking write access to a memory. The method 400 may be performed by a computer system 500 of FIG. 5 that may comprise hardware (e.g., circuitry, dedicated logic, programmable logic, microcode, etc.), software (e.g., instructions run on a processing device), or a combination thereof. In one embodiment, the method 400 is performed by the memory manager 128 of FIG. 1 (in a virtual machine system) and FIG. 2 (in a non-virtualized system).

Referring to FIG. 4, in one embodiment, the method 400 begins when the memory manager 128 receives a request from a requester (e.g., the requester module 330 of FIG. 3) for a log file that contains pointers to modified pages in a memory, the write access to which is being tracked (block 410). In response, the memory manager 128 stores a copy of the log file in a memory location (block 420), and clears the log file (block 430). The memory manager 128 then write-protects all of the pages in the memory (block 440), and then sends the copy of the log file to the requester module (block 450).

At some point in time during operation, the memory manager 128 receives a request from the guest or the user space process for writing into one of the write-protected pages (block 460). The memory manager 128 traps this request. The memory manager 128 then records the pointer to the requested page in the log file and removes the write protection of the requested page to allow write access (block 470). The operations of blocks 460 and blocks 470 may repeat until the memory manager 128 receives a request from a requester for a log file (block 410). The method 400 then repeats the operations of blocks 420-470.

FIG. 5 illustrates a diagrammatic representation of a machine in the exemplary form of a computer system 500 within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed. In alternative embodiments, the machine may be connected (e.g., networked) to other machines in a Local Area Network (LAN), an intranet, an extranet, or the Internet. The machine may operate in the capacity of a server or a client machine in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines (e.g., computers) that individually or jointly execute a set (or multiple sets) of instructions to perform any one or ore of the methodologies discussed herein.

The exemplary computer system 500 includes a processing device 502, a main memory 504 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or Rambus DRAM (RDRAM), etc.), a static memory 506 (e.g., flash memory, static random access memory (SRAM), etc.), and a secondary memory 518 (e.g., a data storage device), which communicate with each other via a bus 530.

The processing device 502 represents one or more general-purpose processing devices such as a microprocessor, central processing unit, or the like. More particularly, the processing device 502 may be a complex instruction set computing (CISC) microprocessor, reduced instruction set computing (RISC) microprocessor, very long instruction word (VLIW) microprocessor, processor implementing other instruction sets, or processors implementing a combination of instruction sets. The processing device 502 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. The processing device 502 is configured to execute memory manager logic 522 for performing the operations and steps discussed herein.

The computer system 500 may further include a network interface device 508. The computer system 500 also may include a video display unit 510 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device 512 (e.g., a keyboard), a cursor control device 514 (e.g., a mouse), and a signal generation device 516 (e.g., a speaker).

The secondary memory 518 may include a machine-readable storage medium (or more specifically a computer-readable storage medium) 531 on which is stored one or more sets of instructions (e.g.,memory manager logic 522) embodying any one or more of the methodologies or functions described herein (e.g., the memory manager 128 of FIGS. 1 and 2). The memory manager logic 522 may also reside, completely or at least partially, within the main memory 504 and/or within the processing device 502 during execution thereof by the computer system 500; the main memory 504 and the processing device 502 also constituting machine-readable storage media. The memory manager logic 522 may further be transmitted or received over a network 520 via the network interface device 508.

The machine-readable storage medium 531 may also be used to store the memory manager logic 522 persistently. While the machine-readable storage medium 531 is shown in an exemplary embodiment to be a single medium, the term “machine-readable storage medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “machine-readable storage medium” shall also be taken to include any medium that is capable of storing or encoding a set of instructions for execution by the machine that causes the machine to perform any one or more of the methodologies of the present invention. The term “machine-readable storage medium” shall accordingly be taken to include, but not be limited to, solid-state memories, and optical and magnetic media.

The computer system 500 may additionally include memory manager modules 528 for implementing the functionalities of the memory manager 128 of FIGS. 1 and 2. The module 528, components and other features described herein (for example in relation to FIG. 1) can be implemented as discrete hardware components or integrated in the functionality of hardware components such as ASICS, FPGAs, DSPs or similar devices. In addition, the module 528 can be implemented as firmware or functional circuitry within hardware devices. Further, the module 528 can be implemented in any combination of hardware devices and software components.

Some portions of the detailed descriptions which follow are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.

It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise, as apparent from the following discussion, it is appreciated that throughout the description, discussions utilizing terms such as “storing”, “clearing”, “protecting”, “sending”, or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.

Embodiments of the present invention also relate to an apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer system selectively programmed by a computer program stored in the computer system. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk including optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic disk storage media, optical storage media, flash memory devices, other type of machine-accessible storage media, or any type of media suitable for storing electronic instructions, each coupled to a computer system bus.

The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the required method steps. The required structure for a variety of these systems will appear as set forth in the description below. In addition, the present invention is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the invention as described herein.

It is to be understood that the above description is intended to be illustrative, and not restrictive. Many other embodiments will be apparent to those of skill in the art upon reading and understanding the above description. Although the present invention has been described with reference to specific exemplary embodiments, it will be recognized that the invention is not limited to the embodiments described, but can be practiced with modification and alteration within the spirit and scope of the appended claims. Accordingly, the specification and drawings are to be regarded in an illustrative sense rather than a restrictive sense. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. 

1. A method, implemented by a computer system programmed to perform the follow ng, comprising: upon receiving a request from a requester, storing, by the computer system, a copy of a file in a memory location, the file containing pointers to modified pages in a memory that is partitioned into a plurality of pages; clearing, by the computer system, the file; protecting, by the computer system, the plurality of pages from write access after clearing of the file; and sending, by the computer system, the copy of the file to the requester.
 2. The method of claim 1, wherein protecting the plurality of pages further comprises: receiving a write request to write to a page that is protected from write access; and in response to the write request, making the page writable and recording a pointer to the page in the file.
 3. The method of claim 1, wherein clearing the file further comprises: replacing a first pointer that points to the file with a second pointer that points to a clean file.
 4. The method of claim 1, wherein subsequent to clearing the file and prior to protecting a specific page of the plurality of pages from write access, the method further comprises: granting a write request to write into the specific page in the memory.
 5. The method of claim 1, wherein the memory is not locked subsequent to the clearing of the file and prior to the protecting of the plurality of pages from write access.
 6. The method of claim 1, wherein the memory is allocated to a guest hosted by the computer system.
 7. The method of claim 1, wherein the memory is allocated to a user space process executed by the computer system.
 8. A system comprising: memory, which is partitioned into a plurality of pages, each page pointed to by a pointer; and a processor coupled to the memory, the processor to: store a copy of a file in a memory location upon receipt of a request from a requester, wherein the file contains pointers to modified pages in the memory; clear the file; protect the plurality of pages from write access after the file is cleared; and send the copy of the file to the requester.
 9. The system of claim 8, wherein the processor, upon receipt of a write request to write to a page that is protected from rite access, makes the page writable and records a pointer to the page in the file.
 10. The system of claim 8, wherein the processor clears the file by replacing a first pointer that points to the file with a second pointer that points to a clean file.
 11. The system of claim 8, wherein the computer system grants a write request to write into a specific page in the memory subsequent to clearing the file and prior to protecting the specific page of the plurality of pages from write access.
 12. The system of claim 8, wherein the memory is not locked subsequent to the clearing of the file and prior to the protecting of the plurality of pages from write access.
 13. The system of claim 8, wherein the memory is allocated to a guest hosted by the computer system.
 14. The system of claim 8, wherein the memory is allocated to a user space process executed by the computer system.
 15. A non-transitory computer readable storage medium including instructions that, when executed by a processing system, cause the processing system to perform a method comprising: upon receiving a request from a requester, storing, by a computer system, a copy of a file in a memory location, the file containing pointers to modified pages in a memory that is partitioned into a plurality of pages; clearing, by the computer system, the file; protecting, by the computer system, the plurality of pages from write access after clearing of the file; and sending, by the computer system, the copy of the file to the requester.
 16. The computer readable storage medium of claim 15, wherein protecting the plurality of pages further comprises: receiving a write request to write to a page that is protected from write access; and in response to the write request, making the page writable and recording a pointer to the page in the file.
 17. The computer readable storage medium of claim 15, wherein clearing the file further comprises: replacing a first pointer that points to the file with a second pointer that points to a clean file.
 18. The computer readable storage medium of claim 15, wherein subsequent to clearing the file and prior to protecting a specific page of the plurality of pages from write access, the method further comprises: granting a write request to write into the specific page in the memory.
 19. The computer readable storage medium of claim 15, wherein the memory is not locked subsequent to the clearing of the file and prior to the protecting of the plurality of pages from write access.
 20. The computer readable storage medium of claim 15, wherein the memory is allocated to a guest hosted by the computer system. 